# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

scenario IPsec

entity Root
  type Root

entity CA1
  type Intermediate
  issuer Root 

entity NoKU
  type EE
  issuer CA1

entity DigSig
  type EE
  issuer CA1
    ku digitalSignature

entity NonRep
  type EE
  issuer CA1
    ku nonRepudiation

entity DigSigNonRepAndExtra
  type EE
  issuer CA1
    ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement

entity NoMatch
  type EE
  issuer CA1
    ku keyEncipherment,dataEncipherment,keyAgreement

entity NonCriticalServerAuthEKU
  type EE
  issuer CA1
    eku serverAuth

entity NonIPSECEKU
  type EE
  issuer CA1
    eku codeSigning

entity CriticalServerAuthEKU
  type EE
  issuer CA1
    ku digitalSignature
    eku critical,serverAuth

entity EKUIPsecIKE
  type EE
  issuer CA1
    ku digitalSignature
    eku critical,ipsecIKE

entity EKUIPsecIKEEnd
  type EE
  issuer CA1
    ku digitalSignature
    eku ipsecIKEEnd

entity EKUIPsecIKEIntermediate
  type EE
  issuer CA1
    ku digitalSignature
    eku codeSigning,serverAuth,ipsecIKEIntermediate

entity EKUAny
  type EE
  issuer CA1
    ku digitalSignature
    eku x509Any

entity EKUEmail
  type EE
  issuer CA1
    ku digitalSignature
    eku emailProtection

entity EKUIPsecUser
  type EE
  issuer CA1
    ku digitalSignature
    eku ipsecUser

db All

import Root::C,,
import CA1:Root:

verify NoKU:CA1
  usage 12
  result pass

verify DigSig:CA1
  usage 12
  result pass

verify NonRep:CA1
  usage 12
  result pass

verify DigSigNonRepAndExtra:CA1
  usage 12
  result pass

verify NoMatch:CA1
  usage 12
  result fail

verify NonIPSECEKU:CA1
  usage 12
  result fail

verify NonCriticalServerAuthEKU:CA1
  usage 12
  result pass

verify CriticalServerAuthEKU:CA1
  usage 12
  result pass

verify EKUIPsecIKE:CA1
  usage 12
  result pass

verify EKUIPsecIKEEnd:CA1
  usage 12
  result pass

verify EKUIPsecIKEIntermediate:CA1
  usage 12
  result pass

verify EKUAny:CA1
  usage 12
  result pass

verify EKUEmail:CA1
  usage 12
  result pass

verify EKUIPsecUser:CA1
  usage 12
  result pass
